auth_server #1
24
auth/auth.rb
24
auth/auth.rb
|
@ -19,34 +19,20 @@ decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
|
||||||
|
|
||||||
initialize_database
|
initialize_database
|
||||||
|
|
||||||
# Define a simple API endpoint
|
|
||||||
get '/api/greeting' do
|
|
||||||
content_type :json
|
|
||||||
{ greeting: 'Hello, World!' }.to_json
|
|
||||||
end
|
|
||||||
|
|
||||||
get '/api/greeting/:name' do
|
|
||||||
get_claims params[:name]
|
|
||||||
content_type :json
|
|
||||||
{ greeting: "Hello, #{params[:name]}!" }.to_json
|
|
||||||
end
|
|
||||||
|
|
||||||
post '/auth/login' do
|
post '/auth/login' do
|
||||||
|
content_type :json
|
||||||
|
|
||||||
username = params[:username]
|
username = params[:username]
|
||||||
password = params[:password]
|
password = params[:password]
|
||||||
request_hashed_password = hash_password password
|
|
||||||
|
|
||||||
user_id = get_user_id username
|
user_id = get_user_id username
|
||||||
hashed_password = get_user_hashed_password user_id
|
|
||||||
|
|
||||||
puts hashed_password
|
unless check_password_for_user(user_id, password)
|
||||||
puts request_hashed_password
|
|
||||||
unless hashed_password == request_hashed_password
|
|
||||||
status 401
|
status 401
|
||||||
'Unauthorized Access'
|
|
||||||
|
return { jwt: "Unuthorized Access" }.to_json
|
||||||
end
|
end
|
||||||
|
|
||||||
content_type :json
|
|
||||||
{ jwt: "Logged in" }.to_json
|
{ jwt: "Logged in" }.to_json
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,15 @@
|
||||||
require 'bcrypt'
|
require 'bcrypt'
|
||||||
|
|
||||||
def hash_password(password)
|
def create_password_for_user(password)
|
||||||
# Hash the password without using a salt
|
return BCrypt::Password.create(password)
|
||||||
hashed_password = BCrypt::Password.create(password, salt: 'hello')
|
end
|
||||||
return hashed_password
|
|
||||||
end
|
def check_password_for_user(user_id, entered_password)
|
||||||
|
hashed_password = get_user_hashed_password(user_id)
|
||||||
|
|
||||||
|
if BCrypt::Password.new(hashed_password) == entered_password
|
||||||
|
return true
|
||||||
|
else
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,5 +1,17 @@
|
||||||
require 'sqlite3'
|
require 'sqlite3'
|
||||||
|
|
||||||
|
|
||||||
|
def create_new_user(username, password)
|
||||||
|
db = SQLite3::Database.new('./database/auth.db')
|
||||||
|
|
||||||
|
db.execute('
|
||||||
|
INSERT INTO users (username, hashed_password)
|
||||||
|
VALUES (?, ?)
|
||||||
|
', [username, create_password_for_user(password)])
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def get_user_id(username)
|
def get_user_id(username)
|
||||||
db = SQLite3::Database.new('./database/auth.db')
|
db = SQLite3::Database.new('./database/auth.db')
|
||||||
|
|
||||||
|
@ -26,15 +38,12 @@ def get_user_hashed_password(user_id)
|
||||||
return password_hash
|
return password_hash
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_user_salt(user_id)
|
def update_user_password(user_id, password)
|
||||||
db = SQLite3::Database.new('./database/auth.db')
|
db = SQLite3::Database.new('./database/auth.db')
|
||||||
|
|
||||||
salt = db.get_first_value('
|
db.execute('
|
||||||
SELECT salt
|
UPDATE users
|
||||||
FROM users U
|
SET hashed_password = ?, salt = ?
|
||||||
WHERE U.id = ?
|
WHERE id = ?
|
||||||
|
', [hash_password, salt, user_id])
|
||||||
', [user_id])
|
|
||||||
|
|
||||||
return salt
|
|
||||||
end
|
end
|
|
@ -23,9 +23,9 @@ def initialize_database
|
||||||
result = db.get_first_value('SELECT COUNT(*) FROM users')
|
result = db.get_first_value('SELECT COUNT(*) FROM users')
|
||||||
|
|
||||||
if result == 0
|
if result == 0
|
||||||
hashed_password = hash_password 'pass123'
|
|
||||||
puts 'Default admin user added.'
|
puts 'Default admin user added.'
|
||||||
db.execute('INSERT INTO users (username, hashed_password) VALUES (?, ?)', ['admin', hashed_password])
|
|
||||||
|
create_new_user('admin', 'pass123')
|
||||||
else
|
else
|
||||||
puts 'Table already contains data. Skipping default user creation.'
|
puts 'Table already contains data. Skipping default user creation.'
|
||||||
end
|
end
|
||||||
|
|
|
@ -14,7 +14,7 @@ http = Net::HTTP.new(url.host, url.port)
|
||||||
request = Net::HTTP::Post.new(url.path)
|
request = Net::HTTP::Post.new(url.path)
|
||||||
|
|
||||||
# Set the request body with the data you want to send
|
# Set the request body with the data you want to send
|
||||||
request.body = 'username=admin&password=pass123'
|
request.body = 'username=admin&password=pass1re23'
|
||||||
|
|
||||||
# Set the 'Content-Type' header if needed
|
# Set the 'Content-Type' header if needed
|
||||||
request['Content-Type'] = 'application/x-www-form-urlencoded'
|
request['Content-Type'] = 'application/x-www-form-urlencoded'
|
||||||
|
|
Loading…
Reference in New Issue